Capture traffic with Wireshark

Being on the same network does not guarantee that it is possible to capture the traffic of your server and other hosts of your internal network, there are illicit ways to do this and I will not go into detail.

The right ways to capture the traffic you need is:

• Run a Sniffer directly on your server and check if the expected traffic is occurring (obviously you have to have access to the server).

• Run a Sniffer in the Gateway your server uses, this way you will catch all the incoming and outgoing traffic between the two hosts who pass through the gateway (obviously you have to have access to the gateway).

• If the Switch that your server is physically connected via network is manageable, Layer3 or above that it is very likely that you can make a port mirror (mirror port), so you can tell the switch to transfer all traffic from certain ports, this makes you able to intercept via Sniffer everything that would be entering and exiting the port of the switch that is your server (obviously you have to have a switch with port mirror option and physical access on that switch).

Back when network assets were Hubs and not Switches, it was possible to get traffic information occurring on the network, this was a danger, any computer on the network could intercept information.

Depending on the restrictions you have, it is also possible to run a tcpdump on the server and save the output to a file and then open it on wireshark and do a more "visual" reading. Maybe you’re not seeing traffic through your local switch or network settings.